Activation Spawn REST API

The activation spawn process assumes a new service that the main application uses to fetch the activation code (to be passed to the secondary app).

The principles of the activation spawn are covered in the following tutorial:

API Reference

The activation spawn API only has one endpoint.

post /api/activation/code Get The Activation Code

Fetches the activation code from the server. The service requires a 2FA PowerAuth signature (POSSESSION_KNOWLEDGE or POSSESSION_BIOMETRY), and it uses activation scope payload encryption to protect the server call request and response from being intercepted.

This endpoint is published by the Enrollment Server component, where it must be explicitly enabled.


Decrypted request payload:

  "requestObject": {
    "applicationId": "SECONDARY_APP_ID",
    "otp": "1234567890123456"
Attribute Description
applicationId Identifier of the secondary to be activated.
otp OTP value, at least 16 characters.


Decrypted response payload:

  "status": "OK",
  "responseObject": {
    "activationId": "c7a69c2d-...-...-...-604efc71bc82",
    "activationCode": "11111-...-...-11111",
    "activationSignature": "MII...=="
Attribute Description
activationId Identifier of new activation.
activationCode Activation code value.
activationSignature Activation code signature.
Last updated on May 23, 2023 (12:17) Edit on Github Send Feedback